

zhangguanzhang's Blog

zhangguanzhang's Blog

flannel 路由错乱



flannel 路由错乱

kubernetes flannel vxlan

字数统计: 3.8k阅读时长: 22 min

 2025/09/03   Share

• 
• 
• 
• 
• 

一次 flannel 路由错乱导致的跨节点不通

由来

有一套客户测试环境，实施部署业务后发现有问题，看了下业务日志无法解析域名。因为 host-gw 需要二层，而且有些虚拟化有 IP/MAC 绑定，所以默认用 vxlan 模式。

排查

路由不对

上去查了下发现 Pod 网段路由不对：

$  ip r s 
default via 172.16.0.1 dev eth0 proto dhcp metric 100 
10.185.0.0/16 dev docker0 proto kernel scope link src 10.185.0.1 linkdown 
10.187.0.0/24 via 172.16.0.250 dev eth0
10.187.1.0/24 via 172.16.0.202 dev eth0 
10.187.2.0/24 via 172.16.0.104 dev eth0 #<--- 这几个
10.187.3.0/24 via 172.16.0.104 dev eth0 #<--- 这几个
10.187.3.0/24 dev cni0 proto kernel scope link src 10.187.3.1 #<--- 这几个
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.231 metric 100 

是 vxlan 模式，但是 2.0、3.0 下一跳都是 172.16.0.104，而且本机是 10.187.3.0/24 网段，cni0 的路由无法匹配到。怀疑是客户添加的路由，让和客户沟通后换个和客户内网不重合的 Pod CIDR。然后实施重装后还是这样，上去看了下日志：

模式错乱

$ docker ps -a | grep flanneld
$ docker logs xxxx # flannel容器ID
W0903 01:37:31.229597       1 main.go:540] no subnet found for key: FLANNEL_IPV6_NETWORK in file: /run/flannel/subnet.env
W0903 01:37:31.229636       1 main.go:540] no subnet found for key: FLANNEL_IPV6_SUBNET in file: /run/flannel/subnet.env
I0903 01:37:31.229643       1 iptables.go:125] Setting up masking rules
I0903 01:37:31.422425       1 iptables.go:226] Changing default FORWARD chain policy to ACCEPT
I0903 01:37:31.523863       1 main.go:396] Wrote subnet file to /run/flannel/subnet.env
I0903 01:37:31.523889       1 main.go:400] Running backend.
I0903 01:37:31.524023       1 route_network.go:56] Watching for new subnet leases
I0903 01:37:31.524247       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610100, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac100068, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:37:31.524425       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610300, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac1000e7, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:37:31.524449       1 route_network.go:93] Subnet added: 10.97.1.0/24 via 172.16.0.104
I0903 01:37:31.524705       1 route_network.go:166] Route to {Ifindex: 2 Dst: 10.97.1.0/24 Src: <nil> Gw: 172.16.0.104 Flags: [] Table: 0 Realm: 0} already exists, skipping.
I0903 01:37:31.524797       1 route_network.go:93] Subnet added: 10.97.3.0/24 via 172.16.0.231
I0903 01:37:31.524876       1 route_network.go:166] Route to {Ifindex: 2 Dst: 10.97.3.0/24 Src: <nil> Gw: 172.16.0.231 Flags: [] Table: 0 Realm: 0} already exists, skipping.
I0903 01:37:31.524903       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610000, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac1000fa, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:37:31.524939       1 route_network.go:93] Subnet added: 10.97.0.0/24 via 172.16.0.250
I0903 01:37:31.525190       1 route_network.go:166] Route to {Ifindex: 2 Dst: 10.97.0.0/24 Src: <nil> Gw: 172.16.0.250 Flags: [] Table: 0 Realm: 0} already exists, skipping.
I0903 01:37:31.621427       1 main.go:421] Waiting for all goroutines to exit
I0903 01:37:31.922267       1 iptables.go:372] bootstrap done
I0903 01:37:32.129063       1 iptables.go:372] bootstrap done

上面日志很奇怪，注意几个关键地方：

• BackendType:"host-gw"
• Subnet added: 10.97.0.0/24 via 172.16.0.250

怎么会是 host-gw 模式，查看下路由：

[root@vm172-16-0-202 ~]# ip r s 
default via 172.16.0.1 dev eth0 proto dhcp metric 100 
10.97.0.0/24 via 172.16.0.250 dev eth0 
10.97.1.0/24 via 172.16.0.104 dev eth0 
10.97.2.0/24 via 172.16.0.250 dev eth0 
10.97.2.0/24 dev cni0 proto kernel scope link src 10.97.2.1 
10.97.3.0/24 via 172.16.0.231 dev eth0 
10.185.0.0/16 dev docker0 proto kernel scope link src 10.185.0.1 linkdown 
10.187.0.0/24 via 172.16.0.250 dev eth0 
10.187.2.0/24 via 172.16.0.104 dev eth0 
10.187.3.0/24 via 172.16.0.231 dev eth0 
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.202 metric 100

老路由忽略，新路由看确实是 host-gw 模式的路由，看下 configmap 配置模式：

[root@vm172-16-0-202 ~]# kubectl -n kube-system get cm kube-flannel-cfg -o yaml
apiVersion: v1
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {

      "Network": "10.97.0.0/16",
            "Backend": {
        "Type": "vxlan",
        "Port": 8475
      }
    }
kind: ConfigMap

configmap 是 vxlan 没问题，看下文件：

[root@vm172-16-0-202 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=10.97.0.0/16
FLANNEL_SUBNET=10.97.2.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=true

奇怪了，怎么是 host-gw 的 1500 MTU，删除下 flannel 容器后再看看：

[root@vm172-16-0-202 ~]# docker rm -f xxx # flanneld 容器id
[root@vm172-16-0-202 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=10.97.0.0/16
FLANNEL_SUBNET=10.97.2.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
[root@vm172-16-0-202 ~]# docker ps -a | grep flanneld
e288c4442ee2   reg.xxx.lan:5000/xxx/flannel                   "/opt/bin/flanneld -…"   41 seconds ago   Up 40 seconds                         k8s_kube-flannel_kube-flannel-ds-w7rk2_kube-system_581101b1-cfa5-4ccc-80be-e78a9c248b96_1
[root@vm172-16-0-202 ~]# docker logs e288
I0903 01:47:13.123249       1 main.go:211] CLI flags config: {etcdEndpoints:http://127.0.0.1:4001,http://127.0.0.1:2379 etcdPrefix:/coreos.com/network etcdKeyfile: etcdCertfile: etcdCAFile: etcdUsername: etcdPassword: version:false kubeSubnetMgr:true kubeApiUrl: kubeAnnotationPrefix:flannel.alpha.coreos.com kubeConfigFile: iface:[] ifaceRegex:[] ipMasq:true ifaceCanReach: subnetFile:/run/flannel/subnet.env publicIP: publicIPv6: subnetLeaseRenewMargin:60 healthzIP:0.0.0.0 healthzPort:0 iptablesResyncSeconds:5 iptablesForwardRules:true netConfPath:/etc/kube-flannel/net-conf.json setNodeNetworkUnavailable:true}
W0903 01:47:13.123387       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0903 01:47:13.223377       1 kube.go:139] Waiting 10m0s for node controller to sync
I0903 01:47:13.223476       1 kube.go:469] Starting kube subnet manager
I0903 01:47:13.230593       1 kube.go:490] Creating the node lease for IPv4. This is the n.Spec.PodCIDRs: [10.97.1.0/24]
I0903 01:47:13.230628       1 kube.go:490] Creating the node lease for IPv4. This is the n.Spec.PodCIDRs: [10.97.2.0/24]
I0903 01:47:13.230637       1 kube.go:490] Creating the node lease for IPv4. This is the n.Spec.PodCIDRs: [10.97.3.0/24]
I0903 01:47:13.230644       1 kube.go:490] Creating the node lease for IPv4. This is the n.Spec.PodCIDRs: [10.97.0.0/24]
I0903 01:47:14.223684       1 kube.go:146] Node controller sync successful
I0903 01:47:14.223761       1 main.go:231] Created subnet manager: Kubernetes Subnet Manager - 172.16.0.202
I0903 01:47:14.223767       1 main.go:234] Installing signal handlers
I0903 01:47:14.224176       1 main.go:452] Found network config - Backend type: vxlan
I0903 01:47:14.229346       1 kube.go:669] List of node(172.16.0.202) annotations: map[string]string{"flannel.alpha.coreos.com/backend-data":"null", "flannel.alpha.coreos.com/backend-type":"host-gw", "flannel.alpha.coreos.com/kube-subnet-manager":"true", "flannel.alpha.coreos.com/public-ip":"172.16.0.202", "node.alpha.kubernetes.io/ttl":"0", "volumes.kubernetes.io/controller-managed-attach-detach":"true"}
I0903 01:47:14.229398       1 match.go:210] Determining IP address of default interface
I0903 01:47:14.229758       1 match.go:263] Using interface with name eth0 and address 172.16.0.202
I0903 01:47:14.229788       1 match.go:285] Defaulting external address to interface address (172.16.0.202)
I0903 01:47:14.229841       1 vxlan.go:141] VXLAN config: VNI=1 Port=8475 GBP=false Learning=false DirectRouting=false
I0903 01:47:14.233427       1 kube.go:636] List of node(172.16.0.202) annotations: map[string]string{"flannel.alpha.coreos.com/backend-data":"null", "flannel.alpha.coreos.com/backend-type":"host-gw", "flannel.alpha.coreos.com/kube-subnet-manager":"true", "flannel.alpha.coreos.com/public-ip":"172.16.0.202", "node.alpha.kubernetes.io/ttl":"0", "volumes.kubernetes.io/controller-managed-attach-detach":"true"}
I0903 01:47:14.249292       1 iptables.go:51] Starting flannel in iptables mode...
W0903 01:47:14.249452       1 main.go:540] no subnet found for key: FLANNEL_IPV6_NETWORK in file: /run/flannel/subnet.env
W0903 01:47:14.249491       1 main.go:540] no subnet found for key: FLANNEL_IPV6_SUBNET in file: /run/flannel/subnet.env
I0903 01:47:14.249498       1 iptables.go:125] Setting up masking rules
I0903 01:47:14.250112       1 kube.go:490] Creating the node lease for IPv4. This is the n.Spec.PodCIDRs: [10.97.2.0/24]
I0903 01:47:14.529553       1 iptables.go:226] Changing default FORWARD chain policy to ACCEPT
I0903 01:47:14.622211       1 main.go:396] Wrote subnet file to /run/flannel/subnet.env
I0903 01:47:14.622240       1 main.go:400] Running backend.
I0903 01:47:14.622545       1 vxlan_network.go:65] watching for new subnet leases
I0903 01:47:14.622590       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610100, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac100068, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:47:14.622651       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610300, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac1000e7, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:47:14.622694       1 vxlan_network.go:100] Received Subnet Event with VxLan: BackendType: host-gw, PublicIP: 172.16.0.104, PublicIPv6: (nil), BackendData: null, BackendV6Data: (nil)
W0903 01:47:14.622710       1 vxlan_network.go:102] ignoring non-vxlan v4Subnet(10.97.1.0/24) v6Subnet(::/0): type=host-gw
I0903 01:47:14.622724       1 vxlan_network.go:100] Received Subnet Event with VxLan: BackendType: host-gw, PublicIP: 172.16.0.231, PublicIPv6: (nil), BackendData: null, BackendV6Data: (nil)
W0903 01:47:14.622727       1 vxlan_network.go:102] ignoring non-vxlan v4Subnet(10.97.3.0/24) v6Subnet(::/0): type=host-gw
I0903 01:47:14.622737       1 subnet.go:152] Batch elem [0] is { lease.Event{Type:0, Lease:lease.Lease{EnableIPv4:true, EnableIPv6:false, Subnet:ip.IP4Net{IP:0xa610000, PrefixLen:0x18}, IPv6Subnet:ip.IP6Net{IP:(*ip.IP6)(nil), PrefixLen:0x0}, Attrs:lease.LeaseAttrs{PublicIP:0xac1000fa, PublicIPv6:(*ip.IP6)(nil), BackendType:"host-gw", BackendData:json.RawMessage{0x6e, 0x75, 0x6c, 0x6c}, BackendV6Data:json.RawMessage(nil)}, Expiration:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Asof:0}} }
I0903 01:47:14.622759       1 vxlan_network.go:100] Received Subnet Event with VxLan: BackendType: host-gw, PublicIP: 172.16.0.250, PublicIPv6: (nil), BackendData: null, BackendV6Data: (nil)
W0903 01:47:14.622764       1 vxlan_network.go:102] ignoring non-vxlan v4Subnet(10.97.0.0/24) v6Subnet(::/0): type=host-gw
I0903 01:47:14.722083       1 main.go:421] Waiting for all goroutines to exit
I0903 01:47:15.123247       1 iptables.go:372] bootstrap done
I0903 01:47:15.525861       1 iptables.go:372] bootstrap done

文件内容是对了，但是看日志内部显示节点 annotation 注解不对劲：

kube.go:636] List of node(172.16.0.202) annotations: \
  map[string]string{"flannel.alpha.coreos.com/backend-data":"null", \
  "flannel.alpha.coreos.com/backend-type":"host-gw", \
  "flannel.alpha.coreos.com/kube-subnet-manager":"true", \
  "flannel.alpha.coreos.com/public-ip":"172.16.0.202", \
  "node.alpha.kubernetes.io/ttl":"0", "volumes.kubernetes.io/controller-managed-attach-detach":"true"}

显示的是 host-gw ，看下节点注解：

$ kubectl get node -o yaml | grep flannel
      flannel.alpha.coreos.com/backend-data: "null"
      flannel.alpha.coreos.com/backend-type: host-gw
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.104
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"f6:12:96:a0:5a:14"}'
      flannel.alpha.coreos.com/backend-type: vxlan
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.202
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: "null"
      flannel.alpha.coreos.com/backend-type: host-gw
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.231
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: "null"
      flannel.alpha.coreos.com/backend-type: host-gw
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.250

怎么两个 host-gw 模式，既然删除 pod 无用，就 edit 去掉 flannel.alpha.coreos.com/backend-type 注解了

[root@vm172-16-0-202 ~]# kubectl edit node 172.16.0.202
[root@vm172-16-0-202 ~]# kubectl -n kube-system delete pod kube-flannel-ds-2cxkf kube-flannel-ds-hml7r
pod "kube-flannel-ds-2cxkf" deleted
pod "kube-flannel-ds-hml7r" deleted
[root@vm172-16-0-202 ~]# kubectl get no -o yaml | grep flannel
      flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"de:87:3d:b7:74:fc"}'
      flannel.alpha.coreos.com/backend-type: vxlan
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.104
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"f6:12:96:a0:5a:14"}'
      flannel.alpha.coreos.com/backend-type: vxlan
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.202
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"1e:24:24:5e:b8:84"}'
      flannel.alpha.coreos.com/backend-type: vxlan
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.231
      - reg.xxx.lan:5000/xxx/flannel@sha256:13cddb14533a10394aa9436bd96a4c866a139b7ef01e71526aae013e724acca7
      - flannel/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel:v0.25.4
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin@sha256:85aa4c338969e97b1ab751fdc2c167af228a241a224e2d0e5b81ca0f3e93e1fa
      - flannel/flannel-cni-plugin:v1.4.1-flannel1
      - reg.xxx.lan:5000/xxx/flannel-cni-plugin:v1.4.1
      flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"36:a5:28:4d:ec:e3"}'
      flannel.alpha.coreos.com/backend-type: vxlan
      flannel.alpha.coreos.com/kube-subnet-manager: "true"
      flannel.alpha.coreos.com/public-ip: 172.16.0.250

剩下几个 node 处理后：

[root@vm172-16-0-202 ~]# ip r s
default via 172.16.0.1 dev eth0 proto dhcp metric 100 
10.97.0.0/24 via 10.97.0.0 dev flannel.1 onlink 
10.97.1.0/24 via 10.97.1.0 dev flannel.1 onlink 
10.97.2.0/24 via 172.16.0.250 dev eth0 
10.97.2.0/24 dev cni0 proto kernel scope link src 10.97.2.1 
10.97.3.0/24 via 10.97.3.0 dev flannel.1 onlink 
10.185.0.0/16 dev docker0 proto kernel scope link src 10.185.0.1 linkdown 
10.187.0.0/24 via 172.16.0.250 dev eth0 
10.187.2.0/24 via 172.16.0.104 dev eth0 
10.187.3.0/24 via 172.16.0.231 dev eth0 
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.202 metric 100

重启后也没问题

[root@vm172-16-0-202 ~]# ip r
default via 172.16.0.1 dev eth0 proto dhcp metric 100 
10.97.0.0/24 via 10.97.0.0 dev flannel.1 onlink 
10.97.1.0/24 via 10.97.1.0 dev flannel.1 onlink 
10.97.2.0/24 dev cni0 proto kernel scope link src 10.97.2.1 
10.97.3.0/24 via 10.97.3.0 dev flannel.1 onlink 
10.185.0.0/16 dev docker0 proto kernel scope link src 10.185.0.1 linkdown 
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.202 metric 100

询问了是不是有人最开始部署改过模式了，说没有，奇怪了。

原文作者：Zhangguanzhang

原文链接：http://zhangguanzhang.github.io/2025/09/03/flannel-mode-chaos/

发表日期：九月 3日 2025, 10:10:30 上午

更新日期：September 3rd 2025, 10:10:30 am

版权声明：本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

• Previous Post
  私有化下(CentOS 7)Podman调研

Powered by Hexotheme Archer

PV: :)

CATALOG

1. 1. 由来
2. 2. 排查
   1. 2.1. 路由不对
   2. 2.2. 模式错乱

• Archive
• Tag
• Cate

Total : 197



2025

• 09/03 flannel 路由错乱
• 08/06 私有化下(CentOS 7)Podman调研
• 07/29 python grpc 使用域名第一次耗时长问题
• 06/17 golang gitlab subgroup 构建问题
• 06/02 小白向的 kubernetes 证书讲解
• 04/27 开发一个让指定应用走代理的安卓 app 过程
• 04/21 kube-log-runner 使用和适配 logrotate 改造
• 02/14 阿里云 ecs 上 etcd SSL reset
• 02/13 给鲲鹏920和低版本飞腾编译arm64 clickhouse
• 01/08 docker login hang

2024

• 11/24 inotifywait 和 confd 在一起踩的坑
• 09/16 hostPort 不通排查，以及挖掘问题根源
• 08/02 在 IPv6 单栈下适配部署 K8S、中间件、应用适配
• 07/25 [持续更新] - headscale 搭建和应用场景
• 07/21 [持续更新] - 安卓折腾笔记
• 06/17 hostPort 访问进来的源 IP 是 cni0 地址的排查
• 05/22 arm64 redis COW 检测
• 05/01 k8s node 热扩容内存导致的一次业务故障
• 04/22 开源容器镜像扫描 trivy 懒人重点指南
• 04/16 golang pprof 转 svg 的最小二进制依赖尝试
• 04/11 cri-dockerd 无法拉取需认证仓库上的 pause 镜像解决
• 04/08 docker 和 k8s 使用 gpu 笔记
• 02/06 高版本client-go在serviceAccountToken下invalid bearer token?
• 01/26 docker v2 registry 本地仓库如何只删除指定 tag 而非 manifest 下的所有 tag
• 01/16 golang 代码层面构建和推送容器镜像到远端仓库
• 01/08 docker 和 apparmor

2023

• 12/01 openat /etc/resolv.conf 卡住的一次排查
• 11/03 [持续更新] - 容器非 root 启动改造的经验
• 10/20 proxmox 7.4 升级8 后开机卡在 Loading kernel 6.2.16-15
• 08/18 k8s 使用 nfs 下 pod 无法创建的解决思路
• 08/08 qemu-user-static 下 cgo go build 卡住的一次解决
• 07/13 为什么ipvs下externalIPs乱设置会崩
• 05/22 pod 的 /etc/resolv.conf 生成机制
• 04/12 国产系统上解决docker pull卡住的问题
• 03/07 利用 qemu user 模式和 binfmt_misc 构建其他架构的 docker 镜像
• 02/14 openstack 虚机上 rabbitmqctl 超时

2022

• 12/30 k8s java 容器未设置 requests.cpu 导致性能问题
• 11/03 如何打包一个不依赖 python 的 supervisor 的包去离线部署
• 10/09 磁盘问题宕机后 docker 的 containerd 无法启动
• 09/07 低版本docker veth没清理造成容器网络问题
• 07/28 exsi 使用 redhat8.4 搭建k8s集群，flannel vxlan 模式的不正常排错
• 07/12 k8s pod 没有 IP ，报错 failed to read pod IP from plugin/docker
• 06/03 docker info无warning，iptables规则正常，宿主机就是不转发
• 05/13 低版本内核下容器内部无法使用 unix socket 通信
• 04/23 nfc 折腾笔记，ACR122U/proxmark3
• 04/22 docker containerd 不定时的 segfault 的一次处理过程
• 04/21 ecs 中毒的一次处理过程
• 04/11 无数据的 tcp 链接被 SDN/防火墙 干掉的一种处理办法
• 03/24 python kubernetes client list permission
• 03/17 ttf转woff工具谷歌woff2的静态编译
• 03/16 server 端的 cannot assign requested address
• 02/24 keepalived static link build
• 02/18 proxmox 开机 error: disk 'lvmid/[vg uuid]/[lv uuid]' not found
• 02/10 18.09.03 docker daemon layer broken 的一次不优雅处理
• 01/26 利用 docker buildx 静态编译 nginx
• 01/22 EmuELEC 笔记

2021

• 12/19 openwrt 的在线升级固件和扩容的研究
• 12/12 docker数据盘损坏后启动报错 Error starting daemon: Error initializing network controller: Error creating default "bridge" network: package not installed
• 10/29 1.15 kubelet 在 nodefs 容量富裕下循环 reclaim ephemeral-storage
• 09/28 在非容器环境上实现散装的 IPVS SVC
• 09/16 解决 docker 的 read unix @->/run/containerd/s/xxx read: connection reset by peer: unknown
• 09/03 [持续更新] - Openwrt USB 网络
• 09/02 fio 静态编译和基础使用
• 09/01 ubuntu18下io调度算法是cfq导致mysql非常慢
• 08/27 干掉烦人的 open /run/xtables.lock: is a directory
• 08/25 flannel下集群有个节点网络不通的一次排查
• 08/24 一次 cni-plugins 导致集群 dns 无法解析的排错
• 08/16 kubelet 为系统配置预留资源
• 07/26 鲲鹏920的麒麟v10物理服务器断电后无法启动处理
• 07/20 dlv命令行的远程调试 golang 进程步骤(包含容器进程)
• 07/16 编译mips64le架构的consul
• 07/06 机器重启后 kube-apiserver 无法启动，etcd刷(error "EOF", ServerName "")
• 07/05 Job for docker.service canceled
• 06/08 openshift 4.5.9 etcd损坏+脑裂修复过程
• 05/26 docker-ce 18.09.3 启动panic: invalid freelist page: 56, page type is leaf的解决处理
• 04/30 一次单节点单个pod网络问题排查过程
• 04/08 kubelet 和 runc 编译关闭 kmem
• 03/23 iptables --wait -t nat -A DOCKER...: iptables NO chain/target/match by that name
• 03/22 Internal error occurred: jsonpatch add operation does not apply: doc is missing path: xxx
• 03/12 使用github action 配合 docker buildx 编译 arm64 docker-compose
• 02/02 集群节点关机导致dns在eviction pod之前几率不可用
• 01/24 e2fsck 太老报错 has unsupported feature(s): metadata_csum，从而尝试静态编译
• 01/23 chrony 静态编译和笔记

2020

• 12/04 docker18.03 hang at 'restoring container'
• 11/23 ansible reload user group
• 11/23 ansible hang in docker container
• 11/20 永久关闭swap的正确姿势
• 11/06 银河麒麟arm64系统克隆机器上k8s vxlan跨节点不通的一次排查
• 10/30 统信USO 20 hostPort 无法访问
• 10/20 银河麒麟arm64系统上k8s集群跨节点不通的一次排查
• 09/18 openshift 4.5.9 离线安装
• 08/27 skopeo 静态编译
• 08/05 个人用 wireguard 笔记
• 07/30 prometheus的rate与irate内部是如何计算的
• 07/23 k8s master机器文件系统故障的一次恢复过程
• 07/05 Linux audit 审计
• 06/25 k8s pprof 分析 cpu 和内存
• 06/23 阿里云上使用flannel host-gw跨节点pod不通的解决
• 06/19 [未写完]使用go开发一个Prometheus的exporter
• 05/23 v1.17+ k8s集群下CNI使用VXLAN模式SVC有63秒延迟的触发原因定位
• 05/13 proxmox x86软路由笔记
• 05/12 adguardhome dns FORMERR 错误
• 05/12 斐讯N1刷机和旁路由的设置
• 04/27 git工作流下golang项目的version信息该如何处理
• 04/03 编写一个动态准入控制
• 03/26 一次deploy,rs,sts Mismatch 的处理
• 03/10 go mod的基础使用-科普
• 03/02 centos6中毒重启后卡在启动页面
• 03/02 记录一次request_module: runaway loop modeprobe binfmt-0000
• 02/27 使用microsoft-graph的api对接onedrive
• 01/15 Killing container "docker://xxx with 30 second grace period
• 01/08 docker-18.06.3-ce启动panic: invalid page type: 0: 0的解决处理

2019

• 12/05 opensuse的一次救援
• 12/03 从PTTYPE="dos"到TYPE="LVM2_member"的救援
• 11/24 [长期更新]--应大多数人要求写下kubeadm的基础使用
• 10/24 consul仅当服务发现在k8s无状态部署使用
• 10/21 手动修复v1.14-v1.15版本k8s的issue:76956
• 10/12 /boot目录被清空下物理机无法开机的一次救援
• 10/11 ansible数量限制上的幂等性
• 09/27 高可用的SSL consul cluster实践
• 09/05 修改源码更改prometheus的时区问题
• 08/24 gobot控制esp8266
• 08/06 ubuntu preseed无人应答安装
• 07/14 golang headless browser包chromedp初探
• 07/08 为什么我不用nodePort之偶然中奖几率
• 07/07 golang的net/http包的客户端简单科普
• 06/26 uefi模式下docker+交换机部署pxe批量安装
• 06/23 拟定excel表格服务器自动按照表格配置信息和安装的实现过程
• 06/12 SMASH CLP的一些笔记
• 06/02 golang cobra的一些笔记
• 05/11 standard_init_linux.go:211: exec user process caused "too many open files in system"
• 04/28 闲谈线上俩k8s环境同等limits下pod启动时间不一样解决过程
• 03/22 一次kube-controller-manager的bug导致的线上无法调度处理过程
• 03/15 不走etcd v2 api下二进制跑flannel的总结
• 03/11 k8s高可用涉及到ip填写的相关配置和一些坑
• 03/03 二进制部署Kubernetes v1.13.12 HA可选
• 02/19 docker部署jira(8.0.0)和confluence(6.14.1)
• 02/12 通用的dashboard部署和tls，SSL相关部署
• 01/30 fstab与systemd.mount自动挂载的一点研究和见解
• 01/22 proxmox里使用cloud-init和一些笔记

2018

• 12/04 prometheus的黑盒监控
• 11/24 对于初入k8s和kubeadm的一些建议
• 11/06 一次docker镜像的解耦--onlyoffice
• 11/05 记录一次十字符病毒清理过程
• 10/27 生成kubeconfig常规的两种方法
• 10/12 全手动部署prometheus-operator监控K8S集群以及一些坑
• 10/06 IngressController使用和它的高可用落地
• 09/24 跨VPC或者跨云供应商搭建K8S集群正确姿势
• 09/18 二进制部署Kubernetes v1.11.x(1.12.x) HA可选
• 08/03 Kubernetes v1.11.x HA全手动苦工安装教学
• 07/18 基于openstack的ecs上使用VIP
• 07/08 利用travis同步gcr.io镜像到dockerhub
• 06/25 记录一次线上k8s节点故障
• 06/03 kubernetes's Job总结和实战以及坑
• 06/02 kubernetes的PodAffinity的不解
• 05/05 [转载+修正]Kubernetes v1.10.x HA全手动苦工安装教学
• 04/29 kubernetes的configMap文件挂载不同的路径且不覆盖目录的解决方法
• 03/18 使用管理网当作业务网keepalived VIP的心跳线
• 02/15 Linux tc基础使用
• 02/05 docker无法删除掉镜像的解决方法
• 01/20 慎用docker的--rm选项!!!
• 01/10 docker的一些概念

2017

• 12/24 docker容器访问宿主机
• 12/23 docker容器网络互联
• 08/03 Linux 上 iptables ipset 白名单
• 07/25 centos桥接测试
• 07/15 使用 dd 利用 iso 文件制作 USB 启动盘
• 07/06 windows 笔记
• 07/05 centos7 的一些常见软件的安装 mirror
• 06/26 lua列出所有upsteam
• 06/03 bash自定义补全
• 05/25 shell脚本的选项和参数处理
• 05/15 rpm包的制作笔记
• 05/12 ssh互信
• 05/06 shell利用快捷键提升命令输入和编辑
• 04/29 个人zabbix安装和坑的解决
• 04/26 正则零宽断言的一个注意点
• 04/25 [转载]awk中RS,ORS,FS,OFS区别于联系
• 04/20 记录LVM和raid的练习
• 04/20 虚拟化扩容硬盘大小
• 04/17 分享下自己做的外网控制硬件
• 04/15 shell多进程并发执行
• 04/15 shell的字符串截取
• 04/11 8266模块的烧写和sdk的坑
• 04/09 安卓安装linux并且源码编译安装搭建lnmp的坑和总结
• 04/03 centos配置bond
• 03/28 Linux 僵尸进程处理
• 03/23 判断是否是 dhcp 获取ip的一个手段
• 03/20 vsftpd虚拟用户简单部署
• 03/15 源码编译安装lnmp
• 02/26 Altium Designer里走线开窗和挖除铺铜还有一些技巧
• 02/12 微信公众号接入自己服务器
• 02/02 lamp环境搭建总结
• 01/08 微信公众号接入图灵机器人api

2016

• 11/13 cad
• 10/30 记录下自己制作的led-vu
• 10/28 hello world

 linux  微信  diy  8266  总结  ipmi  CLP  k8s  Mismatch  Altium Designer  ansible  consul  docker  lnmp  安卓  Linux  kernel  prometheus  exporter  boot  grub  cad  tcp  golang  centos6  chromedp  chrony  kubernetes  cni-plugins  mips64le  kubeconfig  swap  dlv  adguardhome  dns  Dockerfile  e2fsck  fsck  keepavlied  ecs  xmrig  etcd  fio  flannel  ftp  go mod  go  gobot  esp8266  hello world  host-gw  mqtt  原创  jira  confluence  kube-controller-manager  java  springboot  vip  keepalived  ConfigMap  PodAffinity  kylin  arm64  Kylin  audit  fs  nginx  microsoft  graph  onedrive  nodeport  usb-net  overlay  kernal  preseed  Prometheus  openstack  cloud-init  python  containerd  keepalive  shell  bash  skopeo  ssh  kubelet  systemd  dockerhub  gcr.io  api  ubuntu18  initrd  tftp  uos  x86  openwrt  zabbix  zombie  正则  awk  EmuELEC  ingress  N1  cobra  hang  cifs  http  lvs  ipvsadm  kube-proxy  63s  timeout  lamp  nfc  pm3  coredns  openshift  ocp  squashfs  timezone  rpm  rpmbuild  segfault  suse  wireguard  raid  kubeadm  operator  exsi  redhat8.4  vxlan  veth  panic  supervisor  pyinstaller  ttf  woff  hostname  qemu  binfmt_misc  loongarch64  externalIP  cgo  nfs  ipset  proxmox  non-root  containers  vmware  hung  apparmor  serviceAccountToken  gpu  nvidia  cri-dockerd  pprof  trivy  redis  /etc/resolv.conf  hostPort  hotplug  android  headscale  derper  iptables  inotifywait  confd  net  clickhouse  ssl  aliyun  kube-log-runner  logrotate  tun2sock2  gitlab  subgroup  grpc  podman  centos



缺失模块，请参考主题文档进行安装配置：https://github.com/fi3ework/hexo-theme-archer#%E5%AE%89%E8%A3%85%E4%B8%BB%E9%A2%98

 日志  心得  闲搞  ipmi  kubernetes  ansible  kubelet  Linux  心得  prometheus  boot  Auto cad  boot  golang  kubeconfig  grub  linux  centos6  容器  docker  docker  容器  openstack  boot  vsftp  go  version  panic  gobot  闲聊  iptables  admission  kube-controller-manager  keepalived  k8s  Prometheus  Job  k8s  lua  microsoft  openwrt  preseed  Prometheus  proxmox  总结  CI  Kylin  ubuntu18  pxe  uos  graph  运维  zombie  技巧  travis  docker  onedrive  kickstart  consul  fstab  http  vxlan  coredns  node-cache  golang  kmem  suse  wireguard  raid  kubeadm  LVM  kickstart  prometheus  raid



